Admin equiv creates root owned files

Tim Winders twinders at SPC.cc.tx.us
Fri May 29 15:00:38 GMT 1998


On Sat, 30 May 1998, Andrew Tridgell wrote:

> > I just noticed this and am questioning the security implications.  I have
> > the following in smb.conf
> > 
> >    admin users = twinders
> >    domain admin users = twinders
> > 
> > When I login to Win95/WinNT with the twinders username and correct
> > password, any files created on the Samba server are owned root and group
> > system.  This is under Digital Unix 4.0D and CVS HEAD from 5/24.  Can
> > anyone explain why these files should be root owned instead of user owned?
> 
> this is explained in the smb.conf man page. 
> 
> It is tempting to remove this option completely as so many people seem
> to just assume it works like the NT equivalent does. It really isn't a
> very useful option. Jeremy, what do you think? remove it?
> 
> -----
> .SS admin users (S)
> 
> This is a list of users who will be granted administrative privileges
> on the share. This means that they will do all file operations as the
> super-user (root).
> 
> You should use this option very carefully, as any user in this list
> will be able to do anything they like on the share, irrespective of
> file permissions.

I read this, but disagree with how it should work.  Is the ONLY thing it
does is FILE permissions?  Are there other "domain" things that might pop
up in the future? 

=== Tim

---------------------------------------------------------------------
|  Tim Winders, CNE, MCSE        |  Email:  TWinders at SPC.cc.tx.us   |
|  Network Administrator         |  Phone:  806-894-9611 x 2369     |
|  South Plains College          |  Fax:    806-897-4711            |
---------------------------------------------------------------------




More information about the samba-ntdom mailing list